mysql update - killing myself here

Posted: Sun Jul 22, 2007 11:35 pm
by ayfine
Hey all,

I've been trying to figure this one out for some time now.

I call this function to validate a user, and I get this error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'group = '1' where id ='10'' at line 1

Code for the function:

function validate($id) {
	$sql = mysql_query("update watch_users set group = '1' where id ='$id'") or die(mysql_error());
}

Code for what calls it:

if($_GET['do'] == "validate") {
	validate($_POST['user_id']);
	echo "<h4>user validated</h4>";
}

Please don't tell me that group is a term like desc and can't be used...

Thanks in advance.

Posted: Sun Jul 22, 2007 11:42 pm
by superdezign
Group is indeed a reserved word, due to "GROUP BY."

If you surround your table names and column names in backticks (`), it won't be a problem.

update `watch_users` set `group` = 1 where `id` ='$id'

Posted: Mon Jul 23, 2007 12:11 am
by John Cartwright
On another note, your code is vulnerable to SQL injection. You should pass all your string data through mysql_real_escape_string(), and all integer data through intval() or similar functions.
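
A hardened validate() that combines the two replies above (backticks around the reserved word, integer checking of the id), added here as an example and not code from any poster in the thread. It assumes PDO with a bound parameter in place of the thread's mysql_* functions, which were removed in PHP 7, and uses an in-memory SQLite database with constructed rows as a stand-in for MySQL so it runs offline.

```php
<?php
// Added example, not from the thread. Takes a PDO handle (assumption);
// the original called mysql_query() on an implicit connection.
function validate(PDO $db, $id): bool
{
    // Integer data: accept only a positive integer, refuse anything else
    // instead of silently coercing it.
    $id = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }

    // `group` is a reserved word, so it stays in backticks.
    // The id is bound as a parameter, never interpolated into the SQL string.
    $stmt = $db->prepare('UPDATE `watch_users` SET `group` = 1 WHERE `id` = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    // Note: on MySQL, rowCount() is also 0 when the row already had group = 1.
    return $stmt->rowCount() === 1;
}

// Stand-in database (SQLite also accepts backtick-quoted identifiers).
// Table contents are constructed for this example.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE `watch_users` (`id` INTEGER PRIMARY KEY, `group` INTEGER NOT NULL DEFAULT 0)');
$db->exec('INSERT INTO `watch_users` (`id`, `group`) VALUES (10, 0), (11, 0)');

// Constructed inputs, as they would arrive in $_POST['user_id'].
$inputs = ['10', "10' OR '1'='1", '', '999'];
foreach ($inputs as $raw) {
    $result = validate($db, $raw) ? 'updated' : 'not updated';
    printf("%-18s => %s\n", var_export($raw, true), $result);
}

// Only the row with id 10 has changed.
foreach ($db->query('SELECT `id`, `group` FROM `watch_users` ORDER BY `id`') as $row) {
    printf("id=%d group=%d\n", $row['id'], $row['group']);
}
```

The caller in the original post should also check the return value before echoing "user validated", since a refused or unmatched id leaves the table unchanged.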